io_uring: handle -EFAULT properly in io_uring_setup() - lwn.git - Linux kernel documentation tree maintained by Jonathan Corbet

diff options

author	Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>	2020-05-05 16:28:53 +0800
committer	Jens Axboe <axboe@kernel.dk>	2020-05-05 13:18:11 -0600
commit	7f13657d141346125f4d0bb93eab4777f40c406e (patch)
tree	ee786539b1ab574f47c0f9dd9c406a36176cc6c8 /fs/splice.c
parent	d8f1b9716cfd1a1f74c0fedad40c5f65a25aa208 (diff)
download	lwn-7f13657d141346125f4d0bb93eab4777f40c406e.tar.gz lwn-7f13657d141346125f4d0bb93eab4777f40c406e.zip

io_uring: handle -EFAULT properly in io_uring_setup()

If copy_to_user() in io_uring_setup() failed, we'll leak many kernel resources, which will be recycled until process terminates. This bug can be reproduced by using mprotect to set params to PROT_READ. To fix this issue, refactor io_uring_create() a bit to add a new 'struct io_uring_params __user *params' parameter and move the copy_to_user() in io_uring_setup() to io_uring_setup(), if copy_to_user() failed, we can free kernel resource properly. Suggested-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>

Diffstat (limited to 'fs/splice.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: